Today, computing, or “processing,” systems are involved in almost every technical device produced. Processing systems may come in the form of, for example, laptops, tablets, iPads and desktops. In addition, processors may be found in smart phones, SCADA, process control systems, Point-of-Sale terminals, kiosks, ATMs, casino gaming equipment, medical equipment, embedded systems, network appliances, cloud and data center servers and automated self-driving cars. Unfortunately, any processing system may be the target of an unauthorized access attempt, even systems with required security updates or without known security holes.
Hackers and other unauthorized computer and device users can run unknown, untrusted or unauthorized applications on computer systems and devices to gain access to protected information or misuse computing resources. Two current techniques for protecting computing systems and devices are white lists and black lists. A white list (or whitelist) is a list or register of applications that are being provided a particular privilege, service, mobility, access or recognition. In other words, applications or processes on a white list are accepted, approved or recognized as being legitimate applications or processes. A blacklist (or black list) is a list or register of entities or people who, for one reason or another, are denied a particular privilege, service, mobility, access or recognition.
Currently, white lists are primarily based upon application or process names, which may be spoofed; upon signing certificates, which can be forged using stolen signing certificate keys; or upon cryptographic hashes or simple checksums. Blacklists are primarily based upon a signature which identifies a code sequence pattern; upon the examination of file formats and code statistics on the frequency of interrupt vectors and code used (or the absence of use); or upon a behavioral profile of computer resource misuse determined with dynamic heuristics, where program execution is emulated in a closed environment.
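The following sketch is an added example, not part of the original text. It compares three of the white-list bases named above (file name, simple checksum, cryptographic hash) on two constructed files. The file names, directory layout and the byte-sum checksum are assumptions chosen for illustration, and the checksum comparison goes slightly beyond the text, which only names names and certificates as forgeable.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Cryptographic hash of the file contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def byte_sum(path):
    """A 'simple checksum' (assumed here): sum of all bytes modulo 2**16."""
    with open(path, "rb") as f:
        return sum(f.read()) & 0xFFFF

def allowed_by_name(path, names):
    return os.path.basename(path) in names

def allowed_by_checksum(path, sums):
    return byte_sum(path) in sums

def allowed_by_hash(path, digests):
    return sha256_of(path) in digests

def demo():
    # Constructed sample data: an approved script, and different content that
    # reuses the approved file name and the same bytes in another order.
    approved = b"#!/bin/sh\necho backup started\n"
    lookalike = bytes(sorted(approved))  # same byte sum, different content
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "approved", "backup.sh")
        other = os.path.join(root, "downloads", "backup.sh")
        for path, data in ((good, approved), (other, lookalike)):
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as f:
                f.write(data)
        # Each white list is built from the approved file only.
        names, sums, digests = {"backup.sh"}, {byte_sum(good)}, {sha256_of(good)}
        # Each entry is (approved file accepted?, lookalike accepted?).
        return {
            "name": (allowed_by_name(good, names), allowed_by_name(other, names)),
            "checksum": (allowed_by_checksum(good, sums), allowed_by_checksum(other, sums)),
            "sha256": (allowed_by_hash(good, digests), allowed_by_hash(other, digests)),
        }

if __name__ == "__main__":
    for basis, result in demo().items():
        print(basis, result)
```

Only the SHA-256 white list distinguishes the two files; the name-based and byte-sum lists accept both.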